Page MenuHomeVyOS Platform
Create Task
Maniphest T6676

Invalid route-map caused bgpd to crash
Closed, ResolvedPublicBUG
Actions

Description

The VyOS CLI allows you to set a route map with an on-match next rule even if the rule action is set to deny.
When this is committed, the logic check of frr fails, causing the action to "crash".

I assume the expected behaviour should be that VyOS itself already returns a logic error on commit, so it can return a proper error message instead of the frr output mess.

Example config:

set policy route-map XXXX rule 104 action deny
set policy route-map XXXX rule 104 match as-path 'ASN-LIST'
set policy route-map XXXX rule 104 on-match next

"Error" output:

alyx@vyos# set policy route-map XXXX rule 104 action deny
[edit]
alyx@vyos# commit

[18025|mgmtd] sending configuration [18026|zebra] sending configuration
[18027|ripd] sending configuration [18028|ripngd] sending configuration
[18029|ospfd] sending configuration [18030|ospf6d] sending configuration
[18031|ldpd] sending configuration [18032|bgpd] sending configuration
[18033|isisd] sending configuration [18040|watchfrr] sending
configuration [18042|staticd] sending configuration [18046|pim6d]
sending configuration [18025|mgmtd] done Waiting for children to finish
applying config... [18037|babeld] sending configuration [18043|bfdd]
sending configuration [18031|ldpd] done [18046|pim6d] done
[18040|watchfrr] done % Configuration failed.  Error type: validation
line 6: Failure to communicate[13] to ospf6d, line:  on-match next  %
Configuration failed.  Error type: validation line 6: Failure to
communicate[13] to zebra, line:  on-match next  % Configuration failed.
Error type: validation line 6: Failure to communicate[13] to ripngd,
line:  on-match next  [18030|ospf6d] Configuration
file[/etc/frr/frr.conf] processing failure: 13 [18026|zebra]
Configuration file[/etc/frr/frr.conf] processing failure: 13
[18028|ripngd] Configuration file[/etc/frr/frr.conf] processing failure:
13 [18043|bfdd] done [18037|babeld] done [18042|staticd] done %
Configuration failed.  Error type: validation line 6: Failure to
communicate[13] to ospfd, line:  on-match next  [18029|ospfd]
Configuration file[/etc/frr/frr.conf] processing failure: 13 %
Configuration failed.  Error type: validation line 6: Failure to
communicate[13] to ripd, line:  on-match next  % Configuration failed.
Error type: validation line 6: Failure to communicate[13] to isisd,
line:  on-match next  [18033|isisd] Configuration
file[/etc/frr/frr.conf] processing failure: 13 [18027|ripd]
Configuration file[/etc/frr/frr.conf] processing failure: 13 %
Configuration failed.  Error type: validation line 6: Failure to
communicate[13] to bgpd, line:  on-match next  [18032|bgpd]
Configuration file[/etc/frr/frr.conf] processing failure: 13
[18050|mgmtd] sending configuration [18051|zebra] sending configuration
[18052|ripd] sending configuration [18053|ripngd] sending configuration
[18054|ospfd] sending configuration [18055|ospf6d] sending configuration
[18056|ldpd] sending configuration [18057|bgpd] sending configuration
[18058|isisd] sending configuration [18062|babeld] sending configuration
[18065|watchfrr] sending configuration Waiting for children to finish
applying config... [18067|staticd] sending configuration [18071|pim6d]
sending configuration [18068|bfdd] sending configuration [18050|mgmtd]
done [18056|ldpd] done % Configuration failed.  Error type: validation
line 6: Failure to communicate[13] to zebra, line:  on-match next  %
Configuration failed.  Error type: validation line 6: Failure to
communicate[13] to ripngd, line:  on-match next  % Configuration failed.
Error type: validation line 6: Failure to communicate[13] to ospfd,
line:  on-match next  % Configuration failed.  Error type: validation
line 6: Failure to communicate[13] to isisd, line:  on-match next  %
Configuration failed.  Error type: validation line 6: Failure to
communicate[13] to ospf6d, line:  on-match next  [18067|staticd] done
[18065|watchfrr] done % Configuration failed.  Error type: validation
line 14: Failure to communicate[13] to zebra, line:  on-match next
[18051|zebra] Configuration file[/etc/frr/frr.conf] processing failure:
13 [18068|bfdd] done [18062|babeld] done % Configuration failed.  Error
type: validation line 14: Failure to communicate[13] to ripngd, line:
on-match next  % Configuration failed.  Error type: validation line 14:
Failure to communicate[13] to ospf6d, line:  on-match next  %
Configuration failed.  Error type: validation line 14: Failure to
communicate[13] to ospfd, line:  on-match next  [18055|ospf6d]
Configuration file[/etc/frr/frr.conf] processing failure: 13
[18071|pim6d] done % Configuration failed.  Error type: validation line
14: Failure to communicate[13] to isisd, line:  on-match next  %
Configuration failed.  Error type: validation line 6: Failure to
communicate[13] to ripd, line:  on-match next  [18058|isisd]
Configuration file[/etc/frr/frr.conf] processing failure: 13
[18053|ripngd] Configuration file[/etc/frr/frr.conf] processing failure:
13 [18054|ospfd] Configuration file[/etc/frr/frr.conf] processing
failure: 13 % Configuration failed.  Error type: validation line 14:
Failure to communicate[13] to ripd, line:  on-match next  [18052|ripd]
Configuration file[/etc/frr/frr.conf] processing failure: 13 %
Configuration failed.  Error type: validation line 6: Failure to
communicate[13] to bgpd, line:  on-match next  % Configuration failed.
Error type: validation line 14: Failure to communicate[13] to bgpd,
line:  on-match next  [18057|bgpd] Configuration file[/etc/frr/frr.conf]
processing failure: 13

[[policy]] failed
Commit failed

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.5-rolling-202407251105
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)